Preventing Windows 10 and untrusted software from having full access to the internet

Discussion in 'Windows 10' started by kpedersen, Dec 20, 2015.

  1. kpedersen

    kpedersen MDL Junior Member

    Jul 18, 2008
    50
    25
    0
    #1 kpedersen, Dec 20, 2015
    Last edited: Dec 20, 2015
  2. mcb

    mcb MDL Novice

    Oct 10, 2015
    4
    0
    0
    How about using a 3rd party firewall (like Comodo) instead?
    Not a single exe has internet access if it doesn't have an "allow rule".
     
  3. PaulDesmond

    PaulDesmond MDL Magnet

    Aug 6, 2009
    6,993
    7,143
    240
    sandboxie ...........
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. kpedersen

    kpedersen MDL Junior Member

    Jul 18, 2008
    50
    25
    0
    #4 kpedersen, Dec 20, 2015
    Last edited: Dec 20, 2015
    (OP)
    Well effectively the VM running OpenBSD is a glorified firewall. Ironically, even though it is running a full OS, I find it functions faster than Comodo which always caused startup times to increase substantially and made my computer feel sluggish. I am just not a fan of 3rd party firewalls. But yeah, if you can find a 3rd party one you like, it should do the trick. It is just the inbuilt one provided by Windows 10 that is defective because apps can change the rules at will when they are installed.

    I don't think that sandboxie will prevent Windows 10 itself and its Apps from being able to access the internet at random times, only individual applications I manually run with sandboxie.
     
  5. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    6,077
    13,647
    210
    #5 Mr.X, Dec 20, 2015
    Last edited: Dec 20, 2015
    You're right it won't. OTOH WFC (Windows Firewall Control) would do the job easily though.
    WFC has a feature under Options called Secure rules which automatically deletes unauthorized rules created by programs other than Windows Firewall Control.
    Remember WFC is a front-end for native WF so your computer will show no sluggishness.
     
  6. kpedersen

    kpedersen MDL Junior Member

    Jul 18, 2008
    50
    25
    0
    Yeah, this looks like quite a decent piece of software. I might have to give this a shot next time I set up an environment. Cheers :)
     
  7. kpedersen

    kpedersen MDL Junior Member

    Jul 18, 2008
    50
    25
    0
    #7 kpedersen, Feb 1, 2016
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Actually I decided rather than installing that firewall software (closed source and all ;)), to just knock up a simple script.

    Turns out the solution to my problem was that a certain part of the registry can be set to read-only which breaks AFAIK all cases of software adding their own sneaky firewall rules.

    Basically when run as admin with the "lock" parameter, it sets the rules registry key as read-only. The "unlock" parameter will then undo that change so the windows firewall can be modified again.

    Code:
    using System;
    using System.Security;
    using System.Security.Principal;
    using System.Security.AccessControl;
    using System.Text;
    using Microsoft.Win32;
    
    namespace LockFirewall
    {
        class Program
        {
            static void Main(string[] args)
            {
                if (args.Length <= 0)
                {
                    Console.WriteLine("No option specified");
                    Environment.Exit(1);
                }
    
                string keyUrl = "SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules";
                RegistryKey rk = Registry.LocalMachine.OpenSubKey(keyUrl, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions | RegistryRights.ReadKey);
    
                if (rk == null)
                {
                    throw new Exception("Failed to open key");
                }
    
                if (args[0] == "unlock")
                {
                    Console.WriteLine("Enabling write");
                    RegistrySecurity rs = new RegistrySecurity();
                    rs.PurgeAccessRules(new NTAccount("Everyone"));
                    rk.SetAccessControl(rs);
                }
                else if (args[0] == "lock")
                {
                    Console.WriteLine("Disabling write");
                    RegistrySecurity rs = new RegistrySecurity();
                    rs.AddAccessRule(new RegistryAccessRule("Everyone", RegistryRights.SetValue | RegistryRights.CreateSubKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny));
                    rk.SetAccessControl(rs);
                }
                else
                {
                    Console.WriteLine("Invalid option specified");
                    Environment.Exit(1);
                }
            }
        }
    }
    
    
    Hope this helps someone :)
     
  8. thorin0815

    thorin0815 MDL Senior Member

    Jul 16, 2015
    440
    295
    10
    Sorry to say, but to fully block Windows 10 you need to pull the cable. Nobody knows how many backdoors Microsoft has build in to be able to send the stuff they want. ;-)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. lobo11

    lobo11 TOMAHAWK CHOP

    Feb 16, 2012
    6,542
    5,009
    210
    #9 lobo11, Feb 2, 2016
    Last edited: Feb 2, 2016
    I don't know the answer to all the spyware, but you must know that all those people who receive the phone calls from your computer must share, so if only one call gets out, your waist size is out there, and by trying to stop some of the calls out, you uninstall things, turn services off.
    Well if that means you sleep better, (but really, do you not think MS does not know what we do), in there updates they add more. You can't even run sfc /scannow if you have problems, remember one gets out, someone knows your shoe size, your ex-wife's names, what video's you watch, yup
    Santa going to know who the pervs are, I only watch Sports, lol.
    Windows used to be cool, fun and knowledgeable, now it seems money and spying is the new norm.
    I hate it, but the wind seems to be blowing that way, (Remember, if only one gets out) yes and phone calls too, I you forgot what you promised your wife, girlfriend, if your nice to the NSA, they may tell you.:biggrin:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. kpedersen

    kpedersen MDL Junior Member

    Jul 18, 2008
    50
    25
    0
    Heh, true. At least this stops some of the other software I have installed but don't trust. Adobe, Autodesk etc...
     
  11. dhjohns

    dhjohns MDL Guru

    Sep 5, 2013
    3,276
    1,731
    120
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. ThomasMann

    ThomasMann MDL Expert

    Dec 31, 2015
    1,045
    163
    60
    Yep.... that is the way it is, and we are at the beginning of this development.

    The markets are shrinking. People have understood, that neither Win10 nor iPhone 9 will give them anything new, that they actually want. Sales are on their way down. Only Advertisement is still making money, because it is not cash from the users.

    Hardware software... the markets will become smaller and smaller. Yahoo will not be the last ones to cut 15% employees.

    If it is any consolation, the whole world economy is crumbling too. Unless someone comes up with a completely new product for the mass market, as they did with computers in the eighties....